Opportunistic Encryption [Was: Keys not trusted]

Ingo Klöcker ingo.kloecker@epost.de
Wed May 14 01:21:33 2003

Content-Type: text/plain;
Content-Transfer-Encoding: quoted-printable
Content-Description: signed data
Content-Disposition: inline

On Tuesday 13 May 2003 15:52, Yenot wrote:
> 2)  As implemented today, the Web-of-Trust is bad for privacy.
>     Advertising e-mail addresses combined with a list of your closest
>     contacts (via signatures) works well for an authentication
>     protocol, but it's not a good privacy protocol.

Nobody forces you to put your name or your email address on a key. And=20
nobody forces you to let your key be signed by others or to sign=20
others' keys.

> The
>     Web-of-Trust forces people to disclose this very same information
>     that a large percentage of the population (at least in America)
> do not want published.

Trust is the principle the WoT is built upon. Without trust the WoT=20
can't exist. And trust can't really co-exist with anonymity. You have=20
to know who the key owner is before you can tell GnuPG how much trust=20
you want to put in the key owner.

> Solution:
> 3 Authentication Levels:
> L1)  No protection (unencrypted, key not available)
> L2)  Passive attack protection (encrypted, key not verified)
> L3)  Active attack protection (encrypted, key verified)
> The difference between (L2) and (L3) could be clearly visable to the
> user with clever icons. I strongly believe that we can solve this
> problem without confusing the user or giving them a false sense of
> security.

Any proposals for how these clever icons should look like?

> For getting from L2 -> L3, I think it would be nice if programs like
> KMail provided a very simple pop-up showing:
>  1) fingerprint of your key
>  2) fingerprint of key to be verified
>  3) an "OK" button to locally sign the key

=46irst you talk about making encryption as easy as possible for the=20
masses (by omitting fingerprint exchanges at keysigning events) and now=20
you propose to show them the fingerprint? Do you really think that=20
showing the fingerprint will be any good for Joe User?

> Outstanding Question:  How to pick an unauthenticated key?
> If I'm replying to a signed message (and the reply-to address matches
> a UID on the signing key), I would pick the key used to sign the
> received message.

Good idea.


Content-Type: application/pgp-signature
Content-Description: signature

Version: GnuPG v1.2.1 (GNU/Linux)